Logging of events, information assets, and other key information is a foundation that underpins your compliance. The purpose of the logging is to ensure relevant events and information are communicated, monitored and managed in accordance with the relevant compliance requirements. This logging commonly covers:
- Customer feedback/complaints
- Employees, onboarding and off boarding
- Customers, onboarding and off boarding
- Third-party service providers, onboarding and off boarding
- Risks
- Incidents
- Changes
- Vulnerabilities
- Control failures and improvements
- System events and logs
To operate effectively, it’s important to centralise these logs and completely track the relevant information. Separate, ad-hoc logging undermines the oversight and effective management of these events. Each of these logs supports one or more key compliance activities, for example logging changes helps to ensure those changes follow the correct change management steps with approvals, testing, communication and relevant updates to documentation to meet the objectives of the system.
These logs may be captured automatically by relevant tools, or manually populated as a part of the relevant processes. For example each time a new risk or incident is identified, a new customer or vendor onboarded, this is populated into a relevant system or log accordingly. Changes, vulnerabilities, and system events may be automatically tracked in version control software, vulnerability scanning software, and system monitoring tools, respectively.